LuminosityLink tool creator sentenced to 30 months in prison

The tool allowed access to the victims’ computers without their consent

A 21-year-old man living in Kentucky, who had previously plead himself guilty of developing, marketing and selling a popular Remote Access Trojan (RAT) called LuminosityLink has recently been sentenced to 30 months in prison.

According to a press release published on Monday by the Federal prosecutor’s office, Colton Grubbs, who was known as ‘KFC Watermelon’ online, pleaded guilty to three counts: illegally accessing computers to promote a criminal act, money laundering and illegal removal of property to prevent its legal seizure.

The LuminosityLink Remote Access Trojan, which first appeared in April 2015, also known as Luminosity, was a hacking tool marketed for only $40 USD, Grubbs promoted it as a legitimate tool for the Windows administrators could manage a large number of computers at the same time, as reported by digital forensics experts from the International Institute of Cyber Security.

But in reality, LuminosityLink was developed as a dangerous remote access Trojan that, among other malicious features, allowed Grubbs’s clients:

Record the keys that pressed the victims on their keyboards

Monitor the victims using the cameras and microphones on their computers

View and download files from the victims’ computers

Stealing names and passwords used to access websites

In his initial defense, Grubbs claimed that the LuminosityLink Trojan was never designed to be used maliciously, but was a legitimate tool for system administrators.

However, in the plea agreement signed a year ago, Grubbs admitted that some customers would use their tool to remotely access and control their victims’ computers without their knowledge or consent. Grubbs also admitted to having offered assistance to his clients to use LuminosityLink through publications and group chats on their own website luminosity.Link and the public Internet forum HackForums.net, as reported by specialists in digital forensics.

According to Grubb’s own statements, LuminosityLink was sold for $39.99 USD each to more than 6k people, who used it in malicious manners to gain unauthorized access to thousands of computers in 78 countries worldwide.

According to reports of experts in digital forensics, Grubbs was ordered to comply with 85% of his prison sentence under federal law, and once he is released, he will be under the supervision of the United States Probation Office for a 3 year period.

In addition to his imprisonment sentence, Grubbs should forfeit the money generated by his illicit activity, including 114 Bitcoin (valued at more than $725k USD at the current exchange rate) that were seized by the FBI.